regulation

EU's Artificial Intelligence Act establishes a comprehensive legal framework for AI, imposing obligations on companies within and outside the EU. It adopts a risk-based approach requiring compliance assessments, internal policies on generative AI, and ongoing monitoring after deployment. The Act categorizes AI systems by risk level, outlines compliance procedures, and mandates transparency and incident reporting. Non-compliance can result in significant penalties. The Act aims to unify the internal market, mitigate risks, and foster trustworthy AI development. Companies must proactively embrace compliance for strategic advantage.

https://www.leadersleague.com/en/news/corporate-compliance-eu-artificial-intelligence-act

EU proposes thresholds for computational resources to clarify compliance for general-purpose AI (GPAI) models under the AI Act effective August 2025. The guidelines, subject to industry feedback via a survey, aim to establish when AI models become subject to regulatory requirements. Key points include defining GPAI models based on compute use (>= 10^22 FLOP), obligations for record-keeping, copyright policies, and potential compliance benefits for signatories to a forthcoming code of practice. Critics argue reliance on FLOP is flawed as it may inadequately reflect model capabilities and risks. Moreover, modifications over certain compute thresholds may elevate compliance burdens.

https://www.pinsentmasons.com/out-law/news/eu-clarify-ai-act-scope-gen-ai

EU AI Office issued draft guidelines for obligations on general-purpose AI (GPAI) models applicable from August 2025. Stakeholders can provide feedback until May 22, 2025. The guidelines clarify the AI Act's provisions for GPAI, defining it as models performing multiple tasks, needing technical documentation and copyright compliance. Systems exceeding 10^25 FLOPs qualify as GPAI with systemic risk (GPAI-SR) and have stricter requirements. Fine-tuning these models may create new compliance obligations. Companies should establish AI governance, map AI applications, and prepare for the upcoming regulations. Compliance for earlier models must be achieved by August 2027.

https://www.wsgr.com/en/insights/eu-ai-office-clarifies-key-obligations-for-ai-models-becoming-applicable-in-august.html

EU Commission may intervene if technical standards for AI Act are delayed, currently set for 2026. Alternatives could aid compliance, though standards are not mandatory. The AI Act aims to regulate high-risk AI systems, with full enforcement expected by 2027.

https://www.euronews.com/next/2025/04/28/eu-commission-ready-to-step-in-if-ai-standards-delayed

EU Commission establishes guidelines for prohibited AI practices under AI Act, effective February 2025. Prohibitions include harmful manipulation, exploitation of vulnerabilities, social scoring, predictive criminal assessments, untargeted facial data scraping, emotion recognition, biometric categorization, and real-time remote biometric identification. Guidelines aim to clarify compliance and foster uniform application of the Act across the EU, though they are non-binding. Providers and deployers are responsible for ensuring AI systems meet regulations.

https://www.orrick.com/en/Insights/2025/04/EU-Commission-Publishes-Guidelines-on-the-Prohibited-AI-Practices-under-the-AI-Act